IgnotaYLP
If you were active in the programmer or hacker community around the millennia then you might remember hearing a momentary buzz about a particularly odd virus that had affected quite a few computers near the end of the Summer in 2001. From late July to early September 2001 there were close to 50,000 computers and networks that were confirmed to have been infected with a particularly odd virus known as ignota.YLP. Unfortunately the coverage of this large scale virus was overshadowed by another (what was believed to be) unrelated virus known as The Code Red Computer Worm which appeared around the same time and infected over 1 million computers and networks across the world. Out of the 50,000 computers infected about 31,000 of them were in Asian speaking countries with the remaining ones being in either North America or Europe. Besides the translation issue this made it harder to gather information of the virus since it's likely that any inquiry into the program made by any Chinese computer security groups has since been censored by their government or otherwise just lost to time. The reason why ignota.YLP is believed to be more than a normal computer virus is how it was obtained. Around the time and even today most viruses are obtained through spam email downloads. The way it works is identity thieves and scammers would send chain emails with titles such as “MESSAGE FROM YOUR SECRET ADMIRING” or “HOW TO BECOME A MILLIONAIR IN 30 DAYS” Once the victim opens these emails and clicked on whatever downloaded link was attached, then their computer would become infected with a Trojan Horse or some other kind of virus. The difference with ignota.YLP is that the program wasn’t downloaded onto computers from the internet or emails. In fact in almost every case there were no consistent programs downloaded or websites the people had visited to possibly get the virus. Even more strange some of the computers infected were at no point even connected to the internet. This was either because of the owner living in a remote area without internet access or because of their personal choice not to use the world wide web. One man interviewed at the time claimed that he had booted up his newly bought computer for the first time to discover the program already installed. The virus itself really didn’t do anything that harmful. It's mainly remembered today just for the fact that it's one of a few viruses that never did anything particularly malicious. Normally it would just change the settings on the computer, for example it might switch the timezone or the date. It would sometimes rename internet explorer or notepad to a bunch of random characters or swap the default windows color scheme with the high contrast color scheme. No files ever got deleted and no identities were ever stolen. The only time the computer was harmed in anyway was if someone tried to delete the virus off of the hard drive. Now, at the time most of the programmers and tech experts were concerned in containing The Code Red Worm. Because of that not many people were trying to look into ignota.YLP. Besides a few amateur hackers on a Yahoo Group the only famous real world computer expert that attempted to crack virus was Professor Alexander Neméth from the Budapest University of Technology and Economics. Below I put a excerpt from a translated email that Professor Neméth wrote to a colleague about the virus to give a better sense of what he found: Professor Neméth’s email to colleague “I have discovered the most strange of all technological oddities my friend. The program I had mentioned when we met for lunch last that one of my student discovered on his computer has not shown any signs of being mischievous in nature yet its purpose continues to elude me. Any attempt I make at looking at the programs code through the use of third party software causes the computer to forcibly shut down and when I reboot the computer I discover the software I was using to have been removed. When I tried to upload the file so it may be viewed from the internet the same event of shutting down occurs. Finally I used a portable flash drive to store and transfer the program. When I uploaded it unto the university computer Instead of seeing ignota.YLP I saw many text documents appearing on my desktop when I opened them they started pasting their own intangible code at such a rate that my hard drive had filled itself to capacity after a few minutes to which the virus started deleting files. I was then forced to reinstall the operating system.” -August 10th 2001 Professor Neméth’s experience was not an isolated one. Many others who delved deep enough into the mystery found their computers acting a similar manner when they attempted to tamper with ignota.YLP Though Neméth was the only computer expert of any notoriety who was involved in the case a collaboration of frequent posters on one of the larger Yahoo tech message boards became involved in the program as well. After moderators started deleting any topics inquiring about the virus on most of the larger forums a select group of a few dozen people started their own board just to talk about this strange program. This group who dubbed themselves The Ministry of Silly Walkers (in reference to the Monty Python Sketch) made around two dozen different topics in their own sub forum before one of the main members of the group made his own GeoCities site that they then used to discuss any further progress in their goals of cracking the virus. Even though all the posts of the groups private website are now lost and the site itself in inaccessible, you can still learn a lot about the virus by reading the posts they made on the original Yahoo tech group using some web archive software or the wayback machine. Below I put a later segment of one of the forum topics to give you an idea of the kind of information they discovered about the virus: '-GeekButNotWeak:' ok guys listen i found somthing realy cool today so after Cubsfanguy82 found out that if you use a flash drive to put the virus on another comp you get all messed up code i decided to try it out, now theres no way to stop the comp from crashing after 10 mins but what i did find is that you can stream your desktop onto another comp while its getting filled up with all those junk documents and you can record what its typing so i did that and got a video file to playback on my laptop so after i slowed it down 90% i could see everything being typed by the virus that i couldnt see when i was watching it live since the text scrolls so fast and about 6 mins in on like the 15 thousanths page of notepad i saw a url just in between the brackets and random code So i go to go to the url and i see it looks like a phpBB bulltien board but most of the icons like the webstite title werent desplaying properly and had an error icon so the forum only had no members and only 1 topic under general discussion called “eth emir fo hte enntcai rrmniea” that has 0 views so I click on the page and get this wierd poem its obvious who ever made this needs to cut down on his LSD lol heres the link if anyone one wants to check it out. '---Redacted---' '-Cubsfanguy82' Good job finding this out I never even thought of streaming the computer from another one anyone else who has the virus wanna try this and see if they get anymore links? '-999Darkelfmage999' lol that website is really freaky man. anyone know what that poem means? '-MrSp0ck' Is the website still working for everyone cus im getting a 404 page… '-Lazyismymiddlename' hey im clicking on the link but im not seeing a bulletin board '-Whoareyoupeople' Looks like the links dead now but TheDelinquentRebel sent me PM with what it said I’ll paste it In mist or cloud, on mast or shroud, It perched for vespers nine; Whiles all the night, through fog-smoke white, Glimmered the white Moon-shine.' God save thee, ancient Mariner!'' From the fiends, that plague thee thus!— Why look'st thou so?'—With my cross-bow I shot the ALBATROSS. Even though this oddity of a virus did become infamous with a small group of hackers at the time the majority of people who became infected by it had no knowledge of the virus’s strange agenda. One of the earliest entries we have on the internet of ignota.YLP being mentioned isn’t from a computer security or programer group it’s found in a blog post from the website of a more moderate chapter of the pacific northwest based eco-terrorist group known as The Earth Liberation Front. Below is another post on the matter: '''Environmental Update Report I want to thank everyone for the great support they’ve shown to each other in these hard times, everyday more and more innocent animals are slaughtered and more of our precious trees are murdered by the money obsessed loggers who are killing our mother earth…. Despite the rain our protest at city hall is going to go on as scheduled. We think everyoung should bring an umbrella. On a side note I apologise for any inconvenience to anyone who wanted to know when we would be getting more T-Shirts. I still haven’t been able to get into my email since my computer at the techshop. The people there say the problems more serious than they thought. I will continue to pray that they can find a way to remove ignota.YLP '' ''―Michelle Whitley (July 30 2001) Tech support anonymous forums: '-Syrinity' Hey anyone here heard of ignota.YLP? Some friends of mine on the Linux forum were trying crack it a few weeks back after one guy found it on his mac admin was real dick and locked the topic so anyone here know anything about it? '-Tacoman11' Who runs Linux from there mac? '-Wallflower' Actually yeah, haha I posted about that over on general discussion but no one replied to my topic I work at like the only computer repair shop in Fresno so old people bring in their computers every day with problems like they forgot how to login to their email or other B.S but around a week ago this one black guy who was about 50 came in with a brand new top model computer and just told me to call him when we fixed it. He couldn’t even tell me what was wrong with it I don’t want to sound racist but I don’t think he bought it if you know what I mean. When I looked at it the computer looked completely normal. I ran the virus check found nothing. All the programs on it were just default windows ones except a .YLP file called ignota. I couldn’t delete it and when i finally found a way to move it to another computer the desktop just got filled up completely random code. I managed to extract some weird video mp4 file before the hard drive overloaded. The video acted like it was showing a live stream even when it wasn’t connected to dial up. It never buffered and I couldn’t rewind it. it was just a camera facing this piece of printer paper with a weird symbol ” written on it... At that point I called the guy and told him I couldn’t fix the computer. Because of the virus seeming to target Asian speaking networks and computers obviously the virus has gained more fame in those countries. Even up until 2003 it was pretty regularly talked about among computer science students at some of their larger universities in those countries and one Korean tech firm to this day offers ₩ 5,000,000 (The equivalent of around four thousand US dollars) in exchange for information leading the discovery of the identity of the person or group who created the virus. As far as I’m aware the only official investigation on this program was opened in China after the Minister of Agriculture discovered the virus on his office computer and somehow came to the conclusion that the program was proof of some kind of attempt at espionage. Most of the Asian news articles reporting on the event don’t add much to the story but they are some of the only actual newspapers that have ever mentioned ignota.YLP by name. Though I did discover an unpublished article about the apparent hacking written by journalist who works with The South China Morning Post which I have posted below: Investigators in the attempted intelligence theft at the office of the ministry of Agriculture still have yet to discover the identity of the hacker responsible for the crime. It is clear that Minister Chen Yaobang will not yet make a public statement on the progress made by the investigators but sources within the Government who wish to remain anonymous have reported to the press that they are close to making a breakthrough and have widened their search after it was discovered computers both in the academic and private sector also have been found to have a similar virus infecting their systems which make the user envious of the dead. “Makes the user envious of the dead.” It’s not a translation error. Even in Mandarin the wording is odd and I’m not sure what the post meant by that. But since the report never ended up being published it might just be what happens when a newspaper’s editor doesn’t go over something to make sure it's ready for publication. Even though the website that those individuals from the Yahoo tech forum created to discuss the virus cannot be accessed anymore through certain linkage techniques, we have been able to see how many times input was added to the forum from the different IPs. In layman's terms you can see whenever someone posted but just not the actual content of the post. On average, the 26 people from the Yahoo group who posted on the new website made about 12 posts a day That was until September 9th when the number skyrocketed. To show what I mean the user Cubsfanguy82 posted 10 times on September 8th. On September 9th Cubsfanguy82 posted on the website 872 times between the hours of 5 AM to 11 PM. It is unknown what the members of the site discovers which caused them to talk back and forth so much on September 9th. Partly because all of the websites member became inactive on every site it was discovered they had accounts on. One thing that is known though is the day after the strange posting history by “The Ministry of Silly Walkers” At 1 am UTC time on the early morning of September 10th 2001 UTC Time the virus disappeared. There was no warning no inclination of anything happening. It just disappeared from the desktop of every computer across the world. It didn’t uninstall or delete itself it just went away without any trace that it was ever there… Computers that wouldn’t start up or whose hard drives were full due to the users attempting to to delete the virus started working perfectly again. Documents that were renamed and color schemes that were changed reverted back to their original form. It was like it never existed. There likely would of been more inquiries or investigations into what had happen if not for the tragedy which occurred the next day but for the most part the virus was forgotten by the public after it had disappeared. The story was believed to have ended there but recently an interest was taken by the James Randi Educational Foundation into the nature of the virus and a few people were found who agreed to be interviewed about it. The interviewers asked a series of questions from a script. It was during one of these interviews in which a man who owned a computer store in Dublin and whom at the time who had fallen victim to the virus was asked if he had experienced anything supernatural in his life either before or after the virus. The Irishman told the interviewer how around July 2003 he noticed a strange symbol carved into a bookshelf in his home out the blue that he had never seen before, He told the interviewer how he noticed the symbol again next year in July spray painted on a brick wall in his neighborhood. Then again the year after that the symbol appeared overnight as a crack on his windshield. Most people wouldn't remember these things over a decade down the line of assume them to be coincidences but this memory seemed very vivid in the Irishman's mind. Even at the time something about that symbol was so upsetting that it caused him a large amount of emotional trauma then which still seemed to resonate for over a decade and caused him to become visibly shaken when recounting it. Just something about it made him know it wasn't right when he saw it on his bookshelf. He kept telling the interviewer that when pressed for details. After polling a larger number of people it seemed many of the victims of the virus had found this symbol around their homes in one way or another every year in the month of July. During an interview with Professor Alexander Neméth’s widow she told investigators that before his death in 2005 Professor Neméth showed his wife a very old leather bound book that had the symbol in it among a variety of other things. Though Neméth’s widow forgets the exact circumstances that her husband was showing her the book she said that her husband didn’t connect the symbol with ignota.YLP at all and said how he lost interest in within a month of him writing the email that I posted above with ignota.YLP. That’s really all the information that there really is on ignota.YLP There are no answers no theories nothing that would explain anything. The only record that it ever existed is found in the written accounts of people who experienced it. I don’t know if anyone here might know anything we don’t so far but the reason I posted this was because I hoped someone might see it and message me on this site with another piece of the puzzle another tidbit of information not chronicled so far. If on the slight chance you do I ask you contact me on this website with any information that would be of use. Category:Computers and Internet